Follow us on Twitter!
I'd prefer to die standing, than to live on my knees - Che Guevara
Saturday, April 19, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 23
Guests Online: 20
Members Online: 3

Registered Members: 82838
Newest Member: w1zarrd
Latest Articles
View Thread

HellBound Hackers | Computer General | Programming

Author

PHP md5 MySQL Db


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 16-06-06 18:49
<?php
$dbh=mysql_connect ("localhost", "siliconb_md5", "<PASSWORD is normally here but hidden atm") or die ("I cannot connect to the database because I'm a faggot but more importantly" . mysql_error());
mysql_select_db ("siliconb_md5");

if ($_GET['action'] == 'search'){
$result = mysql_query("SELECT * FROM `md5` WHERE `hash` = ".$hash." OR`hash2` = ".$hash." OR `hash3` = ".$hash." LIMIT 1");
if (mysql_num_rows($result) > 0 )
{ $ech = mysql_fetch_array($result);
echo $ech['plaintext']."<br>Added to the database by: ".$ech['user'];
} else {
echo 'Sorry, not found. If you find it out please add it.';
}
}

if ($_GET['action'] == 'add') {
$hash = $_GET['word'];
$i = 0;
$hashs = explode(";", $hash);
while ($hashs[$i]) {
$result = mysql_query("SELECT * FROM `md5` WHERE `plaintext` = ".$hashs[$i]." LIMIT 1");
$num = mysql_num_rows($result);
if ($num > 1) {
echo "Already in database (".$hashs[$i].")</br>";
$i ++;
} else {
$memid = $_COOKIE[$cookie_pfx ."member_id"];
require_once "../includes/newfunctions.php";
$user = getUserfromID($memid);
while ($hashs = explode(";", $hash)) {
$insert = mysql_query("INSERT INTO `md5` (`plaintext`, `hash`, `hash2`, `hash3`, `user`)
VALUES (".$hash.", ".md5($hashs[$i]).", ".md5(md5($hashs[$i])).", ".md5(md5(md5($hashs[$i]))).", ".$user.")");
if ($insert) {
echo "Added to database! (".$hashs[$i].")</br>";
}
$i ++;
}
}
}
}

?>

<form name="form1" method="get" action=""/
<table width="200" border="0">
<tr>
<td>
Word: </td>
<td>

<input type="text" name="word" /> </td>
</tr>
<tr>
<td>Hash:</td>
<td><input type="text" name="hash" /></td>
</tr>
<tr>
<td>Action</td>
<td>
<select name="action">
<option value="search">Search</option>
<option value="add">Add</option>
</select>
</td>
</tr>
<tr>
<td colspan="2"><center><input type="submit" name="Submit" value="Go!!!"></center></td>
</tr>
</table>
</form>

I keep getting errors with the mysql_num_rows everywhere. Any ideas?

Thanx

mozzer

[edit by SM]Disabled smileys[/edit]




Edited by SySTeM on 16-06-06 19:38
Author

RE: PHP md5 MySQL Db


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 16-06-06 19:09
I thought it wasy mysql_numrows(), but I might be wrong.


Author

RE: PHP md5 MySQL Db


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 16-06-06 21:59
No, its definately mysql_num_rows


Author

RE: PHP md5 MySQL Db


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 16-06-06 22:13
In PHP 5.1.2 (Dajoob.com) mysql_numrows() works, so maybe you have a different version?


Author

RE: PHP md5 MySQL Db

SySTeM
Member

Your avatar

Posts: 1524
Location: England, UK
Joined: 27.07.05
Rank:
HBH Guru
Posted on 16-06-06 22:13
Yes, it is mysql_num_rows(), what are the exact errors you are getting?


img138.imageshack.us/img138/6527/sig2ak1.jpg
www.hellboundhackers.org/sig/r/2783.png

http://www.elites0ft.com/
Author

RE: PHP md5 MySQL Db


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 16-06-06 22:20
Warning: mysql_numrows(): supplied argument is not a valid MySQL result resource in /home/siliconb/public_html/cracker/index.php on line 21
mozzer

is the exact ouput. Though I know why the "mozzer" is there!


Author

RE: PHP md5 MySQL Db


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 16-06-06 22:45
mozzer wrote:
Warning: mysql_numrows(): supplied argument is not a valid MySQL result resource in /home/siliconb/public_html/cracker/index.php on line 21
mozzer

is the exact ouput. Though I know why the "mozzer" is there!


perhaps it is because you used mysql_numrows() where you should have used mysql_num_rows(). I don't know for sure, though, since I haven't ever tried using an SQL database.
Author

RE: PHP md5 MySQL Db

SySTeM
Member

Your avatar

Posts: 1524
Location: England, UK
Joined: 27.07.05
Rank:
HBH Guru
Posted on 16-06-06 22:48
http://php.net/mysql_num_rows


img138.imageshack.us/img138/6527/sig2ak1.jpg
www.hellboundhackers.org/sig/r/2783.png

http://www.elites0ft.com/
Author

RE: PHP md5 MySQL Db


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-06-06 07:47
I have looked at that but I think it is because there is something wrong with what I am getting from the db


Author

RE: PHP md5 MySQL Db


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-06-06 08:14
?word=a&action=add

Unknown column 'a' in 'where clause'


Author

RE: PHP md5 MySQL Db


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-06-06 08:55
Sorry about the double post but it now works but adds it in and then adds the wrong plaintext with blank encrpyted.

This is the new code

<?php
<MySQL Connection Stuff>

if ($_GET['action'] == 'search'){
$result = mysql_query("SELECT * FROM md5 WHERE hash = '".$hash."' OR hash2 = '".$hash."' OR hash3 = '".$hash."'") or die(mysql_error());
;
if (mysql_num_rows($result) > 0 )
{ $ech = mysql_fetch_array($result);
echo $ech['plaintext']."<br>Added to the database by: ".$ech['user'];
} else {
echo 'Sorry, not found. If you find it out please add it.';
}
}

if ($_GET['action'] == 'add') {
$hash = $_GET['word'];
$i = 0;
$hashs = explode(";", $hash);
while ($hashs[$i]) {
$result = mysql_query("SELECT * FROM md5 WHERE plaintext = '".$hashs[$i]."'") or die(mysql_error());
$num = mysql_num_rows($result);
if ($num > 1) {
echo "Already in database (".$hashs[$i].")</br>";
$i ++;
} else {
$memid = $_COOKIE[$cookie_pfx ."member_id"];
require_once "../includes/newfunctions.php";
while ($hashs = explode(";", $hash)) {
$insert = mysql_query("INSERT INTO md5 (plaintext, hash, hash2, hash3, user)
VALUES ('".$hash."', '".md5($hashs[$i])."', '".md5(md5($hashs[$i]))."', '".md5(md5(md5($hashs[$i])))."', '".getUserfromID($memid)."')") or die(mysql_error());
;
if ($insert) {
echo "Added to database! (".$hashs[$i].")</br>";
}
$i ++;
}
}
}
}

?>

<form name="form1" method="get" action=""/
<table width="200" border="0">
<tr>
<td>
Word: </td>
<td>

<input type="text" name="word" /> </td>
</tr>
<tr>
<td>Hash:</td>
<td><input type="text" name="hash" /></td>
</tr>
<tr>
<td>Action</td>
<td>
<select name="action">
<option value="search">Search</option>
<option value="add">Add</option>
</select>
</td>
</tr>
<tr>
<td colspan="2"><center><input type="submit" name="Submit" value="Go!!!"></center></td>
</tr>
</table>
</form>




Edited by SySTeM on 17-06-06 13:09
Author

RE: PHP md5 MySQL Db


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-06-06 15:26
I didn't test it out or anything, but this should work (Click 'quote' if you want some formatting):

Code
<?php
 error_reporting( E_ALL ^ E_NOTICE );
 @mysql_connect('localhost', 'root', 'rootpass') or die('Failed to connect to the database.');

 require_once('../includes/newfunctions.php');
 $memid = $_COOKIE[$cookie_pfx.'member_id'];

 $action = isset($_GET['action']) ? $_GET['action'] : '';
 $hash   = isset($_GET['hash']) ? $_GET['hash'] : '';

 if( $action == 'search' ) {
     if( !preg_match('/^[a-f0-9]{32}$/', $hash) )
         echo 'Sorry, but that is a invalid MD5 hash.';

     elseif( !mysql_num_rows($result = mysql_query("SELECT plaintext, user FROM `md5` WHERE hash='$hash' or hash2='$hash' or hash3='$hash'")) )
         echo 'We apologize, but that hash was not found in the database.<br/>'.
              'If you find out the plaintext, please add it.';

     else {
         $r = mysql_fetch_assoc($result);
         echo "{$r['plaintext']}<br/>&*92;nAdded to the database by <b>{$r['user']}</b>";
     }
 } elseif( $action == 'add' ) {
     $hash = addslashes(urldecode(stripslashes($hash)));
     foreach( explode(';', $hash) as $word ) {
         if( mysql_num_rows(mysql_query("SELECT * FROM `md5` WHERE plaintext='$word'")) )
             echo "Already in database ($word)<br/>&*92;n";
         else {

             $insert = "INSERT INTO md5 (plaintext, hash, hash2, hash3, user)".
                       '  VALUES ("$hash", "'.md5($hash).'", "'.md5(md5($hash)).'", "'.md5(md5(md5($hash))).'", "'.getUserfromID($memid).'")';

             if( mysql_query($insert) )
                 echo "Added ($word)<br/>&*92;n";
         }
     }
 }

?>
<form name="form1">
    <table width="400" border="0" align="center">
        <tr>
            <td>Hash/Word to add:</td>
            <td><input type="text" name="hash"/></td>
        </tr>
        <tr>
            <td>Action:</td>
            <td>
                <select name="action">
                    <option value="search">Search</option>
                    <option value="add">Add</option>
                </select>
            </td>
        </tr>
        <tr align="center">
            <td colspan="2"><input type="submit" value="Go!"/></td>
        </tr>
    </table>
</form>







Edited by on 17-06-06 15:34
Author

RE: PHP md5 MySQL Db


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-06-06 18:19
I had to edit that slightly to get it to work with my servers settings but now it works. Thanx

Out of interest how long have you been learning PHP for?

EDIT: Now I need to see how I can quickly use word lists




Edited by on 17-06-06 18:28
Author

RE: PHP md5 MySQL Db


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-06-06 18:46
I've been programming in PHP for about 6 years now.

To add wordlists, all you have to do is:

Code

<?php

set_time_limit(0);

foreach( file('wordlist.txt') as $line ) {
    $word = str_replace(array("*r", "*n"), '', $line);

    mysql_query("INSERT query here");
}
?>





Change * to a backslash, for some reason the HBH filters try changing it




Edited by on 17-06-06 18:48
Author

RE: PHP md5 MySQL Db


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-06-06 19:07
Wow, I've only been at it 3 months. Nice to talk to a true Guru.

Thanx for the help with the code

mozzer

EDIT: When I get something out of a remote db each new line gets encypted from some reason. Why?

Code
elseif( $action == 'addfromfile' ) {
set_time_limit(0);
$list = file($_GET['hash']);
foreach($list as $line ) {
$word = str_replace(array("*r", "*n", " "), '', $line);
if( mysql_num_rows(mysql_query("SELECT * FROM `md5` WHERE plaintext='".mysql_real_escape_string($word)."'")) )
echo "Already in database ($word)<br/>";
else {
   $user = meh()
   }
   else {
$name2 =  mysql_fetch_array($name);
   }
$insert = "INSERT INTO md5 (plaintext, hash, hash2, hash3, user)".
' VALUES ("'.mysql_real_escape_string($word).'", "'.md5($word).'", "'.md5(md5($word)).'", "'.md5(md5(md5($word))).'", "'.$user.'")';

if( mysql_query($insert) )
echo "Added (".$word.")<br/>";
}
}
}







Edited by on 17-06-06 21:22
Author

RE: PHP md5 MySQL Db


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-06-06 21:43
Sorry if people are against double posting or anything but I thought 4 edits was a bit excessive. The answer was to use trim() if anyone has a similar problem